Making the country cyber security-ready
2 June 2008 (New Straits Times)
by Rozana Sani

As an entity entrusted to take charge of national cyber security, CyberSecurity Malaysia certainly chips in a lot of effort. Its chief executive officer Lt Col (R) Husin Jazri says the commitment is reflected in its strategic development projects that have been initiated under the 9th Malaysia Plan, which is progressing ahead of schedule.

"We have achieved major milestones recently. In 2007, through CyberSecurity Malaysia's efforts, Malaysia has been accepted as a Consuming member of the Common Criteria Recognition Agreement (CCRA). This means by 2010, Malaysian information and communications technology (ICT) security products can be evaluated and certified by CyberSecurity Malaysia and this certification will be accepted/recognized globally when Malaysia becomes a Producing member of CCRA, and CyberSecurity Malaysia becomes a Certification Body (CB). What this translates to is that Malaysian products will be recognized globally and contribute to a certain percentage of export global market, thus contributing to 'wealth creation', "he told Tech&U recently.

CyberSecurity Malaysia is also contributing to developing knowledge workers in Malaysia through its Professional Training Services Programme.

"Before the programme started in 2005, there were only 200 certified cyber security professionals. The programme has managed to increase to 749 by December 2007," Husin shared.

To enhance the state of cyber security readiness of the nation, CyberSecurity Malaysia is carrying out the responsibility of Reference Center for Cyber Security Assistance for all Internet users including organizations and Critical National Information Infrastructure (CNII). It has provided services such as incident handling (since 1997), cyber early warning (since 2006) and technical co-ordination center (since 2006). Between 2004 and 2007, the organization has handled a total of 4,190 cyber incidents and 85,000 spams.

Apart from pursuing international collaboration in cyber incident response, Husin said CyberSecurity Malaysia has developed labs and expertise in digital forensics to enhance local competency in the area.

"Since 2004, a total of 514 cases have been handled, and appeared in courts as the Government's expert witness. Meanwhile, four digital forensics analysts have been certified with internationally recognized professional certification: SANS GCFA.

"Since 2006, four best practices and guidelines in CyberSecurity have been produced and we are currently developing the National Cyber Crisis Management Plan (NCCMP) with Majlis Keselamatan Negara," he elaborated.

Within the next few years, Husin said CyberSecurity Malaysia will be focusing its efforts on several key strategic goals. These include enhancing the state of cyber security readiness of the nation; increasing trust and confidence in using indigenous products and expertise; raising national awareness in cyber security; ensuring adequate number of cyber security professionals; and strengthening the position of Malaysia globally in cyber security.

"CyberSecurity Malaysia's initiatives strikes a balance between technology-driven and market-driven innovation approach. By focusing on these strategic goals, CyberSecurity Malaysia will become an enabler within the information security area for the nation to prepare a trusted, impartial and reliable platform towards realizing Malaysia as a global hub and preferred location for ICT and multimedia innovations, services and operations, bringing the country fully into the cyber age," said Husin.

For this year, CyberSecurity Malaysia is embarking on some projects such as Cyber999, which will be launched somewhere in November. Cyber999 is a service offered by MyCERT (Malaysian Computer Emergency Response Team) to handle security issues or incidents faced by computer/Internet users within the country.

CyberSecurity Malaysia currently have 110 personnel where 90 are technical experts. The organization expects to expand its staff strength this year.